PANews reported on May 9 that the security team TonBit under BitsLab has discovered a new vulnerability in the TON Virtual Machine (TVM), related to the state migration issue of the RUNVM instruction. This vulnerability could lead to the destruction of the smart contract execution environment, resulting in contract anomalies. Specifically, attackers can exploit the moment when the virtual machine runs out of gas to damage the critical libraries of the virtual machine, causing subsequent operations that depend on these libraries to fail.
TonBit has submitted the vulnerability details and remediation plan to the TON Foundation and assisted in completing the repair work. Developers are advised to update promptly after the official patch is released, while also strengthening checks on library integrity and gas management in contracts to prevent similar issues from being maliciously exploited.
